The business case for cyber resilience

Read time 2min 20sec
Brian Pinnock, MEA sales engineering director at Mimecast.
Brian Pinnock, MEA sales engineering director at Mimecast.

What do the US Secret Service, the suburb Table View and church elders have in common?

The answer requires a bit of context, explained Brian Pinnock, MEA sales engineering director at Mimecast.

Speaking at ITWeb Security Summit 2019 in Cape Town yesterday, Pinnock noted the US Secret Service is responsible for protecting the US president and also takes care of various cyber security incidents.

He noted the first non-US citizen to join the US Secret Service was a South African. He was hired because activities happening in suburbs like Table View are having enough of an impact that the US is taking notice. What activities, you may ask?

According to Pinnock, various syndicates are running elaborate cyber crime groups from these areas and many of these sinister characters are hiding behind a religious façade. These are the people sending SMSes claiming you have won the lottery, or the phishing e-mails that catch more people than would be expected.

Pinnock used this example to showcase how the global threat landscape has evolved, with the rise of savvy and strategic syndicates that are able to adapt far quicker than we can. As businesses increasingly make their move to the cloud and embrace digital, it has become easier for sinister actors to find flaws in their security and manipulate them.

“The tactics are changing. Criminals are now using ‘as-a-service’ style models much in the same way a vendor would. This is why cyber resilience has become so important.”

Pinnock believes all organisations must come up with strategies to keep working even if they are hit by a cyber attack.

And technology is not the only answer. “But it is part of the answer.”

Cyber resilience is about being proactive, not reactive. It’s about business continuity, data recovery and response. It’s also about durability; having a system in place that can seamlessly switch to an available service should something go wrong.

According to Pinnock, this system must ensure all security policies still apply even when the company is in disaster recovery mode. In the event that systems do not hold up, the business needs to be prepared and geared to recover, noted Pinnock.

Cyber resilience is not cyber security, he concluded. “They are very much not the same thing. A defence-only strategy is no longer sufficient. Cyber resilience ensures you’re resilient when a cyber attack takes place. And as we’re seeing time and time again, it will take place.”
See also